CN106878074A - Traffic filtering method and device - Google Patents
Traffic filtering method and device Download PDFInfo
- Publication number
- CN106878074A CN106878074A CN201710087242.2A CN201710087242A CN106878074A CN 106878074 A CN106878074 A CN 106878074A CN 201710087242 A CN201710087242 A CN 201710087242A CN 106878074 A CN106878074 A CN 106878074A
- Authority
- CN
- China
- Prior art keywords
- keyword
- content
- objective network
- network flow
- heading
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/06—Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The application provides a kind of traffic filtering method and device, and the method is applied to user's internet behavior analytical equipment, it may include:Crawl objective network flow;Message format parsing is carried out to the objective network flow based on target protocol type, the content-keyword being associated with file format carried in the objective network flow is obtained;The content-keyword is matched with preset keyword, if the content-keyword matches the preset keyword, the objective network flow for carrying the content-keyword is filtered and preserved.The method provided using the application, can effectively improve the analysis efficiency of user's internet behavior.
Description
Technical field
The application is related to computer communication field, more particularly to a kind of traffic filtering technology.
Background technology
With the fast development of internet, various applications based on internet are continued to bring out, for preferably operation network
Network, provides the user preferably experience, the internet behavior of necessary analysis user.
However, during the internet behavior to user is analyzed, due to the crawl of user's internet behavior analytical equipment
Objective network flow in contain and disturb flow in large quantities, therefore how effectively to remove interference flow, improve user's online
The efficiency of behavior just turns into problem demanding prompt solution.
The content of the invention
In view of this, the application provides a kind of traffic filtering method and device, is used to improve the analysis of user's internet behavior
Efficiency.
Specifically, the application is achieved by the following technical solution:
According to the first aspect of the application, there is provided a kind of traffic filtering method, methods described is applied to user's internet behavior
Analytical equipment, methods described includes:
Crawl objective network flow;
Message format parsing is carried out to the objective network flow based on target protocol type, the objective network flow is obtained
The content-keyword being associated with file format of middle carrying;
The content-keyword is matched with preset keyword, if the content-keyword matches the default pass
Key word, filters and preserves the objective network flow for carrying the content-keyword.
Optionally, described that message format parsing is carried out to the objective network flow based on target protocol type, obtaining should
The content-keyword being associated with file format carried in objective network flow, including:
Based on target protocol type, the heading of the request message of the objective network flow is parsed, obtain the request report
The content-keyword being associated with file format carried in the heading of text;
If not getting the content-keyword in the heading of the request message, based on target protocol class
Type, parses the heading of the response message of the objective network flow, obtain carry in the heading of the response message with text
The associated content-keyword of part form;
If not getting the content-keyword in the heading of the response message, based on target protocol class
Type, parses the response message load of the objective network flow, obtains carried during the response message is loaded and file format
Associated content-keyword.
Optionally, methods described also includes:
Obtain the Extended Protocol of user input;
In locally-stored protocol format corresponding with the Extended Protocol.
Optionally, methods described also includes:
If cannot be parsed to the objective network flow based on the target protocol type, based on the extension
Agreement, message format parsing is carried out to the objective network flow, obtains the content-keyword that the objective network flow is carried.
Optionally, the heading of the request message, the heading of the response message and the response message load
Field type corresponding to the content-keyword of carrying is different, and associated file format is identical.
According to the second aspect of the application, there is provided a kind of traffic filtering device, described device is applied to user's internet behavior
Analytical equipment, described device includes:
Placement unit, for capturing objective network flow;
Acquiring unit, for carrying out message format parsing to the objective network flow based on target protocol type, obtains
The content-keyword being associated with file format carried in the objective network flow;
Filter element, for the content-keyword to be matched with preset keyword, if the content-keyword
The preset keyword is matched, the objective network flow for carrying the content-keyword is filtered and preserve.
Optionally, the acquiring unit, specifically for based on target protocol type, parsing asking for the objective network flow
The heading of message is sought, the content-keyword being associated with file format carried in the heading of the request message is obtained;Such as
Fruit does not get the content-keyword in the heading of the request message, then based on target protocol type, parsing is described
The heading of the response message of objective network flow, obtains being associated with file format of carrying in the heading of the response message
Content-keyword;If not getting the content-keyword in the heading of the response message, based on target association
View type, parses the response message load of the objective network flow, obtains carried during the response message is loaded and file
The associated content-keyword of form.
Optionally, described device also includes:
Import unit, the Extended Protocol for obtaining user input, and in locally-stored association corresponding with the Extended Protocol
View form.
Optionally, described device also includes:
Expanding element, if for that cannot be parsed to the objective network flow based on the target protocol type,
The Extended Protocol is then based on, message format parsing is carried out to the objective network flow, obtained the objective network flow and take
The content-keyword of band.
Optionally, the heading of the request message, the heading of the response message and the response message load
Field type corresponding to the content-keyword of carrying is different, and associated file format is identical.
The application proposes a kind of traffic filtering method, the objective network stream that user's internet behavior analytical equipment will can be grabbed
The content-keyword being associated with file format carried in amount is matched with preset keyword, if the content-keyword
The preset keyword is matched, then filters and preserve the objective network flow for carrying the content-keyword.
Because customer analysis equipment can be closed by the content being associated with file format carried in objective network flow
Key word is removed and disturbs flow to be filtered to the objective network flow for capturing, and the flow needed for acquisition carries out user behavior point
Analysis, therefore, the efficiency of user behavior analysis can be effectively improved.
Brief description of the drawings
Fig. 1 is a kind of flow chart of the traffic filtering method shown in the exemplary embodiment of the application one;
Fig. 2 is a kind of hardware structure diagram of the traffic filtering device place equipment shown in the exemplary embodiment of the application one;
Fig. 3 is a kind of block diagram of the traffic filtering device shown in the exemplary embodiment of the application one.
Specific embodiment
Here exemplary embodiment will be illustrated in detail, its example is illustrated in the accompanying drawings.Following description is related to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment
Described in implementation method do not represent all implementation methods consistent with the application.Conversely, they be only with it is such as appended
The example of the consistent apparatus and method of some aspects described in detail in claims, the application.
It is the purpose only merely for description specific embodiment in term used in this application, and is not intended to be limiting the application.
" one kind ", " described " and " being somebody's turn to do " of singulative used in the application and appended claims is also intended to include majority
Form, unless context clearly shows that other implications.It is also understood that term "and/or" used herein refers to and wraps
May be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application
A little information should not necessarily be limited by these terms.These terms are only used for being distinguished from each other open same type of information.For example, not departing from
In the case of the application scope, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as
One information.Depending on linguistic context, word as used in this " if " can be construed to " ... when " or " when ...
When " or " in response to determining ".
With the fast development of internet, various applications based on internet are continued to bring out, for preferably operation network
Network, provides the user preferably experience, the internet behavior of necessary analysis user.
In the related art, user's internet behavior analytical equipment is generally based on default packet catcher, such as Wireshark
Packet catcher, captures objective network flow, and the objective network flow for grabbing is analyzed again then.
However, in actual applications, substantial amounts of interference flow is contained in the objective network flow for grabbing, such as with service
DNS (Domain Name System, domain name system) message, UDP (the User Datagram produced in device interaction
Protocol, UDP) user data message and TCP (Transmission Control Protocol, transmission
Control protocol) control message etc. of shaking hands, when locally generated interference message and user obtain the page, the auxiliary report of generation
Text, such as JavaScript messages, Cookie operation messages or advertisement insertion message.When user's internet behavior analytical equipment pair
When the objective network flow for including interference flow in large quantities is analyzed, the difficulty of user's internet behavior analysis can be greatly increased
Degree, greatly reduces data analysis ground efficiency.
The application proposes a kind of traffic filtering method, the objective network stream that user's internet behavior analytical equipment will can be grabbed
The content-keyword being associated with file format carried in amount is matched with preset keyword, if the content-keyword
The preset keyword is matched, then filters and preserve the objective network flow for carrying the content-keyword.
Because customer analysis equipment can be closed by the content being associated with file format carried in objective network flow
Key word is removed and disturbs flow to be filtered to the objective network flow for capturing, and the flow needed for acquisition carries out user behavior point
Analysis, therefore, the efficiency of user behavior analysis can be effectively improved.
Referring to Fig. 1, Fig. 1 is a kind of flow chart of the traffic filtering method shown in the exemplary embodiment of the application one.The stream
Amount filter method can be applied to user's internet behavior analytical equipment, and the method may include:
Step 101:Crawl objective network flow;
Step 102:Message format parsing is carried out to the objective network flow based on target protocol type, the target is obtained
The content-keyword being associated with file format carried in network traffics;
Step 103:The content-keyword is matched with preset keyword, if content-keyword matching institute
Preset keyword is stated, the objective network flow for carrying the content-keyword is filtered and preserve.
The above keyword, the file format with objective network flow is associated.For example, working as above-mentioned objective network flow
File format when being audio file formats, the above keyword can be for mp3, mp4, m4a etc..When above-mentioned objective network flow
File format when being picture file format, the above keyword can be for jpg, jpeg, gif, png etc..When above-mentioned target network
The file format of network flow is compressed file format, and the above keyword can be rar, zip etc..Certainly, merely just to upper
The exemplary illustration of content-keyword is stated, it is not carried out specifically defined.
Above-mentioned target protocol, can refer to upper network layer puppy parc, such as HTTP (HyperText Transfer
Protocol, HTTP) agreement etc..Generally, user's internet behavior analytical equipment is based on such agreement, to target
After flow is parsed, can be by the cleartext information direct access content-keyword after parsing.
In the embodiment of the present application, user's internet behavior analytical equipment can be based on default packet catcher, capture target network
Network flow.
Wherein, default packet catcher can be some packet catchers of main flow, such as Wireshark packet catchers.Here
Exemplary explanation simply is carried out to default packet catcher, it is not limited specifically.
After objective network flow is grabbed, user's internet behavior analytical equipment can be based on target protocol type to the target
Network traffics carry out message format parsing, obtain the content being associated with file format carried in the objective network flow crucial
Word.
In order to improve the analyzing efficiency of objective network flow, user's internet behavior analytical equipment can be excellent based on default parsing
First level is parsed to objective network flow.
In a kind of optional implementation, user's internet behavior analytical equipment can be based on target protocol type, to above-mentioned
The heading of the request message of the objective network flow for grabbing is parsed, and obtains what is carried in the heading of the request message
The content-keyword being associated with file format.
If user's internet behavior analytical equipment does not get and above-mentioned and file in the heading of above-mentioned request message
The associated content-keyword of form, such as, do not carry content-keyword in the heading of above-mentioned request message, or carry
Content-keyword is unrelated with file format, then can be based on target protocol type, parses the response message of the objective network flow
Heading, obtain the content-keyword being associated with file format carried in the heading of the response message.
If user's internet behavior analytical equipment does not get and above-mentioned tray in the heading of the response message
The associated content-keyword of formula, such as, do not carry content-keyword in the heading of above-mentioned response message, or carry it is interior
Hold keyword unrelated with file format, then can be based on target protocol type, the response message for parsing the objective network flow is born
Carry, obtain the content-keyword being associated with file format carried in response message load.
It is audio to need the file format of objective network flow of filtering below with target protocol type as http protocol
As a example by file, it is described in detail carrying out parsing to objective network flow based on default parsing priority to above-mentioned.
User's internet behavior analytical equipment can be based on http protocol, to the request report of the above-mentioned objective network flow for grabbing
The heading of text is parsed, and by Get functions, obtains the corresponding content-keyword of heading relevant field of request message.
Assuming that the file format of objective network flow is audio file, user's internet behavior analytical equipment can be from the heading of request message
In get the content-keyword of such as mp3, mp4, m4a field type.
When the content-keyword related to file format is not carried in the heading of above-mentioned request message, such as after file
Sew mp3, mp4, m4a etc., or the content-keyword that carries it is unrelated with file format when, user's internet behavior analytical equipment is then
The content-keyword cannot be got.Now, user's internet behavior analytical equipment can be based on http protocol, to the report of response message
Literary head is parsed.Generally, record has Contet-Type fields, user's internet behavior point in the heading of http response message
Desorption device can obtain the content-keyword associated with file format of the Contet-Type field records, such as audio/x-m4a.
When the Contet-Type fields of the heading of above-mentioned response message have not recorded content-keyword, or record
Content-keyword is unrelated with file format, and such as the content-keyword of Contet-Type field records is application/
Octet-stream etc., user's internet behavior analytical equipment cannot then get carry in the heading of the response message with text
The associated content-keyword of part form.Now, user's internet behavior analytical equipment can be based on http protocol, negative to response message
It is loaded into going parsing.Generally, algorithm field etc. is carried in load, user's internet behavior analytical equipment can be remembered in acquisition algorithm field
The content-keyword of record, for example, ID3 is a kind of algorithm of audio file formats, user's internet behavior analytical equipment gets
Content-keyword can be ID3.
Certainly, above-mentioned default parsing priority can be based on actual conditions, by administrative staff's sets itself, merely just
To the exemplary illustration of above-mentioned default parsing priority, it is not carried out specifically defined.
In order to improve versatility of user's internet behavior analytical equipment to objective network traffic filtering, expand user online
The protocol type that behavioural analysis equipment is used, in the embodiment of the present application, user can be based on actual conditions, surfed the Net to user and gone
For analytical equipment imports Extended Protocol.User's internet behavior analytical equipment can obtain the Extended Protocol of user input, and can be at this
Ground storage protocol format corresponding with the Extended Protocol.
Wherein, Extended Protocol can be network lower-layer protocols or proprietary protocol.For network lower-layer protocols, can be assisted for TCP
View, udp protocol etc..
For proprietary protocol, the less agreement that can be used according to actual conditions by administrative staff for example can be
RTMP (Real Time Messaging Protocol, real-time messages host-host protocol) agreement, RTSP (Real Time
Streaming Protocol, real time streaming transport protocol) agreement and RTMFP (Real Time Media Flow
Protocol, real-time media stream protocol) agreement etc..
Here, simply Extended Protocol is exemplarily illustrated, it is not carried out specifically defined.
In the embodiment of the present application, if user's internet behavior analytical equipment cannot be based on above-mentioned target protocol type to upper
State objective network flow to be parsed, then can be based on the protocol format in Extended Protocol, message lattice are carried out to objective network flow
Formula is parsed, and obtains the content-keyword carried in the objective network flow.
After the above keyword is got, content-keyword that user's internet behavior analytical equipment will can get with
Default keyword is matched.If the content-keyword and default keyword match, filtering carries content pass
The objective network flow of key word.
In order to alleviate data storage pressure, while facilitating the subsequent operations, user's internet behavior analytical equipment such as flow playback
The objective network flow that can be will filter out is stored.
If the content-keyword is mismatched with default keyword, user's internet behavior analytical equipment then can be by the content
The corresponding objective network flow of keyword is abandoned.
Wherein, above-mentioned default keyword, can be administrative staff's keyword set in advance, and filtering traffic is wanted with it
File format is associated.For example, when the file format of above-mentioned objective network flow is audio format, above-mentioned default keyword can
It is mp3, mp4, m4a, audio/x-m4a, ID3 etc..Merely just default keyword is exemplarily illustrated, not to it
Carry out specifically defined.
In the embodiment of the present application, the content being associated with file format that the heading of above-mentioned request message is carried is crucial
The content-keyword being associated with file format and the load of above-mentioned response message that word, the heading of above-mentioned response message are carried
The different but associated file format of field type corresponding to the content-keyword being associated from file format for carrying is phase
With.
For example, still so that the file format of above-mentioned objective network flow is as audio file as an example, the message of above-mentioned request message
The content-keyword being associated with file format that head is carried can be mp3, mp4, m4a, and the heading of above-mentioned response message is carried
The content-keyword being associated with file format can be audio/x-m4a, the load of above-mentioned response message is carried and tray
The associated content-keyword of formula can be ID3.The corresponding field type of content-keyword of these three types is different, but institute
The file format of association is audio file, associated file format all same.
The application proposes a kind of traffic filtering method, the objective network stream that user's internet behavior analytical equipment will can be grabbed
The content-keyword being associated with file format carried in amount is matched with preset keyword, if the content-keyword
The preset keyword is matched, then filters and preserve the objective network flow for carrying the content-keyword.
Because customer analysis equipment can be closed by the content being associated with file format carried in objective network flow
Key word is removed and disturbs flow to be filtered to the objective network flow for capturing, and the flow needed for acquisition carries out user behavior point
Analysis, therefore, the efficiency of user behavior analysis can be effectively improved.
Embodiment with aforementioned flow filter method is corresponding, present invention also provides the embodiment of traffic filtering device.
The embodiment of the application traffic filtering device can be applied in user's internet behavior analytical equipment.Device embodiment
Can be realized by software, it is also possible to realized by way of hardware or software and hardware combining.As a example by implemented in software, as one
Device on individual logical meaning is the processor by user's internet behavior analytical equipment where it by nonvolatile memory
Corresponding computer program instructions run what is formed in reading internal memory.From for hardware view, as shown in Fig. 2 being the application
A kind of hardware structure diagram of user's internet behavior analytical equipment where traffic filtering device, except the processor shown in Fig. 2, interior
Deposit, outside network outgoing interface and nonvolatile memory, the user's internet behavior analytical equipment in embodiment where device is led to
Often according to the actual functional capability of the equipment, other hardware can also be included, this is repeated no more.
Fig. 3 is refer to, Fig. 3 is a kind of block diagram of the traffic filtering device shown in the exemplary embodiment of the application one.The stream
Amount filter may include:Placement unit 310, acquiring unit 320 and filter element 330.
Wherein, placement unit 310, can be used to capture objective network flow;
Acquiring unit 320, can be used to carry out message format parsing to the objective network flow based on target protocol type,
Obtain the content-keyword being associated with file format carried in the objective network flow;
Filter element 330, can be used to be matched the content-keyword with preset keyword, if the content is closed
Key word matches the preset keyword, filters and preserve the objective network flow for carrying the content-keyword.
In a kind of optional implementation, the acquiring unit 320 can be specifically for based on target protocol type, solution
The heading of the request message of the objective network flow is analysed, carry in the heading of the request message and file format is obtained
Associated content-keyword;If not getting the content-keyword in the heading of the request message, it is based on
Target protocol type, parses the heading of the response message of the objective network flow, in obtaining the heading of the response message
The content-keyword being associated with file format for carrying;If do not got in the heading of the response message in described
Hold keyword, then based on target protocol type, parse the response message load of the objective network flow, obtain the response report
The content-keyword being associated with file format carried in text load.
In another optional implementation, described device also includes import unit 340, can be used to obtain user input
Extended Protocol, and in locally-stored protocol format corresponding with the Extended Protocol.
In another optional implementation, described device also includes expanding element 350, if can be used to be based on
The target protocol type is parsed to the objective network flow, then based on the Extended Protocol, to the objective network
Flow carries out message format parsing, obtains the content-keyword that the objective network flow is carried.
In another optional implementation, the heading of the request message, the response message heading with
And the response message loads the field type difference corresponding to the content-keyword for carrying, associated file format is identical.
The function of unit and the implementation process of effect correspond to step in specifically referring to the above method in said apparatus
Implementation process, will not be repeated here.
For device embodiment, because it corresponds essentially to embodiment of the method, so related part is referring to method reality
Apply the part explanation of example.Device embodiment described above is only schematical, wherein described as separating component
The unit of explanation can be or may not be physically separate, and the part shown as unit can be or can also
It is not physical location, you can with positioned at a place, or can also be distributed on multiple NEs.Can be according to reality
Selection some or all of module therein is needed to realize the purpose of application scheme.Those of ordinary skill in the art are not paying
In the case of going out creative work, you can to understand and implement.
The preferred embodiment of the application is the foregoing is only, is not used to limit the application, all essences in the application
Within god and principle, any modification, equivalent substitution and improvements done etc. should be included within the scope of the application protection.
Claims (10)
1. a kind of traffic filtering method, it is characterised in that methods described is applied to user's internet behavior analytical equipment, methods described
Including:
Crawl objective network flow;
Message format parsing is carried out to the objective network flow based on target protocol type, is obtained and take in the objective network flow
The content-keyword being associated with file format of band;
The content-keyword is matched with preset keyword, if the content-keyword matches the default key
Word, filters and preserves the objective network flow for carrying the content-keyword.
2. method according to claim 1, it is characterised in that it is described based on target protocol type to the objective network stream
Amount carries out message format parsing, obtains the content-keyword being associated with file format carried in the objective network flow, bag
Include:
Based on target protocol type, the heading of the request message of the objective network flow is parsed, obtain the request message
The content-keyword being associated with file format carried in heading;
If not getting the content-keyword in the heading of the request message, based on target protocol type, solution
The heading of the response message of the objective network flow is analysed, carry in the heading of the response message and file format is obtained
Associated content-keyword;
If not getting the content-keyword in the heading of the response message, based on target protocol type, solution
The response message load of the objective network flow is analysed, what is carried in the acquisition response message load is associated with file format
Content-keyword.
3. method according to claim 1, it is characterised in that methods described also includes:
Obtain the Extended Protocol of user input;
In locally-stored protocol format corresponding with the Extended Protocol.
4. method according to claim 3, it is characterised in that methods described also includes:
If cannot be parsed to the objective network flow based on the target protocol type, based on the extension association
View, message format parsing is carried out to the objective network flow, obtains the content-keyword that the objective network flow is carried.
5. method according to claim 2, it is characterised in that the heading of the request message, the response message
The field type difference corresponding to content-keyword that heading and response message load are carried, associated tray
Formula is identical.
6. a kind of traffic filtering device, it is characterised in that described device is applied to user's internet behavior analytical equipment, described device
Including:
Placement unit, for capturing objective network flow;
Acquiring unit, for carrying out message format parsing to the objective network flow based on target protocol type, obtains the mesh
The content-keyword being associated with file format carried in mark network traffics;
Filter element, for the content-keyword to be matched with preset keyword, if the content-keyword is matched
The preset keyword, filters and preserves the objective network flow for carrying the content-keyword.
7. device according to claim 6, it is characterised in that the acquiring unit, specifically for based on target protocol class
Type, parses the heading of the request message of the objective network flow, obtain carry in the heading of the request message with text
The associated content-keyword of part form;If the content-keyword is not got in the heading of the request message,
Target protocol type is then based on, the heading of the response message of the objective network flow is parsed, the report of the response message is obtained
The content-keyword being associated with file format carried in literary head;If do not got in the heading of the response message
The content-keyword, then based on target protocol type, parse the response message load of the objective network flow, obtains described
The content-keyword being associated with file format carried in response message load.
8. device according to claim 6, it is characterised in that described device also includes:
Import unit, the Extended Protocol for obtaining user input, and in locally-stored agreement lattice corresponding with the Extended Protocol
Formula.
9. device according to claim 6, it is characterised in that described device also includes:
Expanding element, if for that cannot be parsed to the objective network flow based on the target protocol type, base
In the Extended Protocol, message format parsing is carried out to the objective network flow, obtain what the objective network flow was carried
Content-keyword.
10. device according to claim 7, it is characterised in that the heading of the request message, the response message
The field type difference corresponding to content-keyword that heading and response message load are carried, associated tray
Formula is identical.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710087242.2A CN106878074B (en) | 2017-02-17 | 2017-02-17 | Flow filtering method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710087242.2A CN106878074B (en) | 2017-02-17 | 2017-02-17 | Flow filtering method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106878074A true CN106878074A (en) | 2017-06-20 |
| CN106878074B CN106878074B (en) | 2020-09-08 |
Family
ID=59167170
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710087242.2A Active CN106878074B (en) | 2017-02-17 | 2017-02-17 | Flow filtering method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106878074B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108111812A (en) * | 2017-12-20 | 2018-06-01 | 北京启明星辰信息安全技术有限公司 | A kind of Video security monitoring method and monitoring system |
| CN109327357A (en) * | 2018-11-29 | 2019-02-12 | 杭州迪普科技股份有限公司 | Feature extracting method, device and the electronic equipment of application software |
| CN111030893A (en) * | 2019-12-31 | 2020-04-17 | 上海途鸽数据科技有限公司 | Method and device for analyzing user behaviors in cloud communication application scene |
| CN111262812A (en) * | 2018-11-30 | 2020-06-09 | 比亚迪股份有限公司 | Data packet screening method and device |
| CN111353018A (en) * | 2020-02-24 | 2020-06-30 | 杭州迪普信息技术有限公司 | Data processing method and device based on deep packet inspection and network equipment |
| CN112532616A (en) * | 2020-11-26 | 2021-03-19 | 杭州迪普科技股份有限公司 | Feature analysis method and device for network application |
| CN112860378A (en) * | 2021-02-23 | 2021-05-28 | 哈尔滨工业大学(威海) | Method, system, equipment and storage medium for calculating minimum virtual resources required by playback flow |
| CN114884882A (en) * | 2022-06-16 | 2022-08-09 | 深圳星云智联科技有限公司 | Traffic visualization method, device and equipment and storage medium |
| CN117278660A (en) * | 2023-11-21 | 2023-12-22 | 华信咨询设计研究院有限公司 | Protocol analysis method for flow filtering based on DPDK technology |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101610268A (en) * | 2009-07-16 | 2009-12-23 | 杭州华三通信技术有限公司 | A kind of implementation method of keyword filtration and equipment |
| CN101996259A (en) * | 2010-12-12 | 2011-03-30 | 成都东方盛行电子有限责任公司 | Method for deeply analyzing data based on white list mechanism |
| CN102217281A (en) * | 2011-06-13 | 2011-10-12 | 华为技术有限公司 | Method and apparatus for protocol analysis |
| CN103905434A (en) * | 2014-03-13 | 2014-07-02 | 亿赞普(北京)科技有限公司 | Method and device for processing network data |
| CN104079545A (en) * | 2013-03-29 | 2014-10-01 | 西门子公司 | Method, device and system for extracting data package filtering rules |
| CN104079493A (en) * | 2014-06-11 | 2014-10-01 | 国家计算机网络与信息安全管理中心 | Flow recognition method and equipment and management and control method and equipment based on names of downloaded resources |
| CN106254902A (en) * | 2016-08-19 | 2016-12-21 | 恒安嘉新(北京)科技有限公司 | A kind of based on mobile Internet video user perception and the method and system of analysis |
-
2017
- 2017-02-17 CN CN201710087242.2A patent/CN106878074B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101610268A (en) * | 2009-07-16 | 2009-12-23 | 杭州华三通信技术有限公司 | A kind of implementation method of keyword filtration and equipment |
| CN101996259A (en) * | 2010-12-12 | 2011-03-30 | 成都东方盛行电子有限责任公司 | Method for deeply analyzing data based on white list mechanism |
| CN102217281A (en) * | 2011-06-13 | 2011-10-12 | 华为技术有限公司 | Method and apparatus for protocol analysis |
| CN104079545A (en) * | 2013-03-29 | 2014-10-01 | 西门子公司 | Method, device and system for extracting data package filtering rules |
| CN103905434A (en) * | 2014-03-13 | 2014-07-02 | 亿赞普(北京)科技有限公司 | Method and device for processing network data |
| CN104079493A (en) * | 2014-06-11 | 2014-10-01 | 国家计算机网络与信息安全管理中心 | Flow recognition method and equipment and management and control method and equipment based on names of downloaded resources |
| CN106254902A (en) * | 2016-08-19 | 2016-12-21 | 恒安嘉新(北京)科技有限公司 | A kind of based on mobile Internet video user perception and the method and system of analysis |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108111812A (en) * | 2017-12-20 | 2018-06-01 | 北京启明星辰信息安全技术有限公司 | A kind of Video security monitoring method and monitoring system |
| CN109327357A (en) * | 2018-11-29 | 2019-02-12 | 杭州迪普科技股份有限公司 | Feature extracting method, device and the electronic equipment of application software |
| CN109327357B (en) * | 2018-11-29 | 2020-10-09 | 杭州迪普科技股份有限公司 | Feature extraction method and device of application software and electronic equipment |
| CN111262812A (en) * | 2018-11-30 | 2020-06-09 | 比亚迪股份有限公司 | Data packet screening method and device |
| CN111030893A (en) * | 2019-12-31 | 2020-04-17 | 上海途鸽数据科技有限公司 | Method and device for analyzing user behaviors in cloud communication application scene |
| CN111353018B (en) * | 2020-02-24 | 2023-11-10 | 杭州迪普信息技术有限公司 | Data processing method and device based on deep packet inspection and network equipment |
| CN111353018A (en) * | 2020-02-24 | 2020-06-30 | 杭州迪普信息技术有限公司 | Data processing method and device based on deep packet inspection and network equipment |
| CN112532616A (en) * | 2020-11-26 | 2021-03-19 | 杭州迪普科技股份有限公司 | Feature analysis method and device for network application |
| CN112860378B (en) * | 2021-02-23 | 2022-07-29 | 哈尔滨工业大学(威海) | Method, system, equipment and storage medium for calculating minimum virtual resources required by playback flow |
| CN112860378A (en) * | 2021-02-23 | 2021-05-28 | 哈尔滨工业大学(威海) | Method, system, equipment and storage medium for calculating minimum virtual resources required by playback flow |
| CN114884882A (en) * | 2022-06-16 | 2022-08-09 | 深圳星云智联科技有限公司 | Traffic visualization method, device and equipment and storage medium |
| CN114884882B (en) * | 2022-06-16 | 2023-11-21 | 深圳星云智联科技有限公司 | Flow visualization method, device, equipment and storage medium |
| CN117278660A (en) * | 2023-11-21 | 2023-12-22 | 华信咨询设计研究院有限公司 | Protocol analysis method for flow filtering based on DPDK technology |
| CN117278660B (en) * | 2023-11-21 | 2024-03-29 | 华信咨询设计研究院有限公司 | Protocol analysis method for flow filtering based on DPDK technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106878074B (en) | 2020-09-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106878074A (en) | Traffic filtering method and device | |
| US11425229B2 (en) | Generating event streams from encrypted network traffic monitored by remote capture agents | |
| US9843598B2 (en) | Capture triggers for capturing network data | |
| EP2860912A1 (en) | A method for correlating network traffic data from distributed systems and computer program thereof | |
| JP5167501B2 (en) | Network monitoring system and its operation method | |
| US10366101B2 (en) | Bidirectional linking of ephemeral event streams to creators of the ephemeral event streams | |
| WO2019237532A1 (en) | Service data monitoring method, storage medium, terminal device and apparatus | |
| RU2487484C2 (en) | Stream media server, client terminal, method and system for downloading stream media | |
| US8972374B2 (en) | Content acquisition system and method of implementation | |
| US20120182891A1 (en) | Packet analysis system and method using hadoop based parallel computation | |
| US20110125748A1 (en) | Method and Apparatus for Real Time Identification and Recording of Artifacts | |
| CN104268082B (en) | The method for testing pressure and device of browser | |
| WO2005001654A3 (en) | Interface for media publishing | |
| US20160127180A1 (en) | Streamlining configuration of protocol-based network data capture by remote capture agents | |
| US20120278852A1 (en) | Executable content filtering | |
| CN103685354A (en) | Method and device for testing based on RMI protocol | |
| CN109361573A (en) | Traffic log analysis method, system and computer readable storage medium | |
| TW201030541A (en) | Method and system to realize downloading network data into multimedia player | |
| US20170229146A1 (en) | Real-time content editing with limited interactivity | |
| AU2017385032A1 (en) | System for preparing network traffic for fast analysis | |
| EP4252415A1 (en) | Network operating center (noc) workspace interoperability | |
| CN105119764B (en) | Method and apparatus for traffic monitoring | |
| CN109245963A (en) | The recognition methods of network terminal type and relevant device | |
| US8045564B2 (en) | Protocol-level filtering | |
| CN103491451B (en) | A kind of web data acquisition methods and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |